Journal name: International Journal of Innovative Research in Science, Engineering and Technology
Print ISSN: 2347-6710
Electronic ISSN: 2319-8753
Publication year: 2016
Volume: 5
Issue: 3
Page: 3361
DOI: 10.15680/IJIRSET.2016.0503117
Publisher: S&S Publications
Abstract: CSRF (Cross-Site Request Forgery) attacks target an end user to execute malicious actions on a web application in which the user is currently authenticated. They mainly target state-changing requests, not theft of data. Such state-changing requests include transferring funds, changing an email ID, etc. The CSRF attack inherits the privileges of the victim to perform an undesired function on behalf of the victim. Prevention measures such as using a secret cookie or accepting only POST requests do not prevent the attack. The XSS attack injects malicious script into trusted websites; it occurs when an attacker uses a website to send malicious code, generally in the form of browser-side scripting. The HTML code filtering technique filters only the scripting tags and not the special characters. The proposed work focuses on preventing CSRF and XSS attacks. CSRF attacks are prevented by generating multiple fresh tokens for various sensitive actions in a session. The generated token ID is unique so that the actions are prevented. The security of the token is incorporated by using a hash function through the MD5 algorithm. The XSS attack is prevented by filtering both HTML tags and special characters so that the attack cannot include a malicious tag in a trusted web application.